diff --git a/internal/api/api.go b/internal/api/api.go
index d267cb0cf2..f45eb9e35c 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -98,7 +98,25 @@ func (a *API) routeGRPC() {
 }
 
 func (a *API) routeGRPCWeb(router *mux.Router) {
- router.NewRoute().HeadersRegexp("Content-Type", "application/grpc-web.*").Handler(grpcweb.WrapServer(a.grpcServer))
+ router.NewRoute().HeadersRegexp("Content-Type", "application/grpc-web.*").Handler(
+ grpcweb.WrapServer(a.grpcServer,
+ grpcweb.WithAllowedRequestHeaders(
+ []string{
+ http_util.Origin,
+ http_util.ContentType,
+ http_util.Accept,
+ http_util.AcceptLanguage,
+ http_util.Authorization,
+ http_util.ZitadelOrgID,
+ http_util.XUserAgent,
+ http_util.XGrpcWeb,
+ },
+ ),
+ grpcweb.WithOriginFunc(func(_ string) bool {
+ return true
+ }),
+ ),
+ )
 }
 
 func (a *API) healthHandler() http.Handler {
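Review bot: The `grpcweb.WithOriginFunc(func(_ string) bool { return true })` option at the end of the new `WrapServer` call accepts every browser origin, and the header list above it allows `http_util.Authorization` and `http_util.ZitadelOrgID`, so the gRPC-Web route now answers CORS preflights for any site. That is only safe if the API never relies on ambient credentials such as cookies. It is worth confirming whether the pinned grpcweb version also enables credentialed CORS in its wrapper, since that combined with a permissive origin function would let any page make authenticated calls from a logged-in browser. If origin enforcement happens in a middleware that is not visible in this hunk, say so next to the callback, e.g. `// all origins accepted here; origin policy is enforced by <middleware placeholder>`. Otherwise replace the callback with a check against the configured allowed origins, e.g. `grpcweb.WithOriginFunc(originAllowed)`, where `originAllowed` is a placeholder for that lookup.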